In this post, I will show you how to run MDE Client Analyzer on Windows. The Microsoft Defender for Endpoint Client Analyzer (MDECA) tool collects information and helps you to troubleshoot issues you may be experiencing with Microsoft Defender for Endpoint.

The Microsoft Defender for Endpoint Client Analyzer can help you figure out what is wrong with a sensor’s health or stability on devices that are already installed and running Windows, Linux, or macOS. The tool also checks connectivity to Microsoft Defender for Endpoint service URLs and reports if the URLs are blocked on the Windows client.

You may want to run the analyzer on a machine that the security portal shows as having a sensor health state of “Inactive,” “No Sensor Data,” or “Impeded Communications.” You may run the client analyzer tool either before or after onboarding your devices to Microsoft Defender for Endpoint.

Install and Update Third Party Applications with Patch My PC
Install and Update Third Party Applications with Patch My PC

Download the Microsoft Defender for Endpoint client analyzer

The Microsoft Defender for Endpoint client analyzer is available for platforms such as Windows, macOS, and Linux Operating Systems. The client analyzer is available in two editions: Stable and Preview. I recommend downloading the stable version of the MDE client analyzer if you are going to use this tool on production machines.

Use the below information to get the latest version of the MDE client analyzer tool for Windows.

  1. The latest MDECA stable edition is available for download at the following URL: https://aka.ms/MDEAnalyzer
  2. The latest MDECA preview edition is available for download at the following URL: https://aka.ms/BetaMDEAnalyzer

Run MDE Client Analyzer on Windows

On the Windows device where you intend to run the MDE client analyzer tool, extract the contents of MDEClientAnalyzer.zip to a folder.

Run MDE Client Analyzer on Windows
Run MDE Client Analyzer on Windows

Go to Start and type cmd. Right-click the Command prompt and select Run as administrator. In the command prompt, change the path where you extracted MDEClientAnalyzer files. To start the MDE client analyzer tool, run the command MDEClientAnalyzer.cmd.

Starting Microsoft Defender for Endpoint analyzer process…
Testing for administrative privileges
script is running with sufficient privileges
Run MDE Client Analyzer on Windows
Run MDE Client Analyzer on Windows

If you are running the Client Analyzer for the first time on a Windows device, you will have to accept the MDEClientAnalyzer EULA. On the Microsoft Diagnostic Tools End User License Agreement pop-up, click on Accept.

Run MDE Client Analyzer on Windows
Run MDE Client Analyzer on Windows

The tool now runs a series of checks and scripts on the Windows device to determine if there are issues with Microsoft Defender for Endpoint. Once data collection is complete, the tool saves the data locally on the machine within a subfolder and compressed zip file.

The subsequent lines in the command prompt output confirm that the execution of the MDE Client Analyzer was successful, and the results are now available for analysis.

Succeeded to CollectLog at: C:\MDEClientAnalyzer\MDEClientAnalyzerResult\MDM\MDMLogs.zip
Generating HealthCheck report...
Compressing results directory...
Result is available at: MDEClientAnalyzerResult_2415081140.zip
Client analysis results opened in browser
Run MDE Client Analyzer on Windows
Run MDE Client Analyzer on Windows

Analyzing the MDEClientAnalyzer Results

The Microsoft Defender for Endpoint client analyzer results are stored in a folder named MDEClientAnalyzerResult. This folder is located in the same location from where you executed the client analyzer tool.

The MDEClientAnalyzerResult contains the following folders:

  • DefenderAV
  • EventLogs
  • MdeConfigMgrLogs
  • MDM
  • SystemInfoLogs
  • MDEClientAnalyzer.htm
Analyzing the MDEClientAnalyzer Results
Analyzing the MDEClientAnalyzer Results

MDEClientAnalyzer.htm file is the best way to view the summarized information of the MDE client analyzer results. This file opens in the Edge browser and shows various details about the client and all the MDE

The MDE Client Analyzer Results include the following details:

  • Device Information
  • Check Results Summary
  • Microsoft Defender for Endpoint Configuration and Connectivity check results.
Analyzing the MDEClientAnalyzer Results
Analyzing the MDEClientAnalyzer Results

Conclusion

The MDE Client Analyzer is the best tool for troubleshooting connectivity and configuration issues related to Microsoft Defender for Endpoint. This tool is also used by Microsoft Customer Support Services (CSS) to collect information if you’re experiencing with Microsoft Defender for Endpoint. I hope you learned how to use this tool and analyze the results.

If you have any questions, please let me know in the comments section. To get more help on Microsoft Intune and Configuration Manager issues, feel free to visit the community forums.

Still Need Help?

If you need further assistance on the above article or want to discuss other technical issues, check out some of these options.

Prajwal Desai

Prajwal Desai is a technology expert and 10 time Dual Microsoft MVP (Most Valuable Professional) with a focus on Microsoft Intune, SCCM, Windows 365, Enterprise Mobility, and Windows. He is a renowned author, speaker, & community leader, known for sharing his expertise & knowledge through his blog, YouTube, conferences, webinars etc.